I am trying to better understand the work-flow of the Twitter OAuth implementation. Currently, using OAuth to provide the user the ability to log in to my site via Twitter, I can achieve the following:
- Authorize my application via their Twitter account
- Get their oauth token, oauth secret, and userid
- Store their token/secret/id in a MySQL table for future calls.
The part I’m having trouble with is understanding exactly how I can go about re-verifying the user with the saved token/secret/id instead of re-authorizing that user every time they choose to visit my site.
If I’m not mistaken, every time the user visits my site, they request a new token/key which invalidates the previous token/key. How do I allow them to log in again without the need to change these values in my table?
I understand that this could likely be class-specific, but I am looking for more of a step-by-step explanation of the process.
I can solve this easily with $_SESSION vars and cookies, but it seems like there should be a much simpler way.
Use the `authenticate` API endpoint instead of `authorize`.